Access Control is conventionally built on top of authentication. This approach is problematic when several different security policy domains are involved. Authenticating across domain boundaries requires contending with different policies (and mechanisms) for identity management, delegation and revocation of authorization, etc. Additional issues in pervasive computing include the lack of transitive infrastructure and the promiscuity of casual device interactions.

This talk will describe an approach to localizing the trust assumptions required for multi-domain access control in a pervasive environment. We place dual capabilities inside Identity-Based Encryption wrappers to force the authentication problems back inside each player’s ‘home’ domain.

Security problems which arise from talking to the wrong strangers are usually addressed by attempting to ensure that we know to whom we are speaking. We argue that often it is preferable to know that we are talking to the correct stranger.